Commit graph

77 commits

Author SHA1 Message Date
Haelwenn (lanodan) Monnier fc37e5815f
Plugs.HTTPSecurityPlug: Add static_url to CSP's connect-src
Closes: https://git.pleroma.social/pleroma/pleroma/merge_requests/469
2019-03-05 01:44:24 +01:00
Ivan Tashkinov bc4f77b10b [#468] Merged upstream/develop, resolved conflicts. 2019-02-17 14:07:04 +03:00
Ivan Tashkinov 2a4a4f3342 [#468] Defined OAuth restrictions for all applicable routes.
Improved missing "scopes" param handling.
Allowed "any of" / "all of" mode specification in OAuthScopesPlug.
Fixed auth UI / behavior when user selects no permissions at /oauth/authorize.
2019-02-15 19:54:37 +03:00
Ivan Tashkinov 063baca5e4 [#468] User UI for OAuth permissions restriction. Standardized storage format for scopes fields, updated usages. 2019-02-14 00:29:29 +03:00
Haelwenn (lanodan) Monnier da4c662af3
Plugs.HTTPSecurityPlug: Add webpacker to connect-src 2019-02-12 22:12:12 +01:00
Haelwenn (lanodan) Monnier 00e8f0b07d
Plugs.HTTPSecurityPlug: Add unsafe-eval to script-src when in dev mode
This is needed to run dev mode mastofe at the same time
2019-02-12 22:12:11 +01:00
shibayashi ea1058929c
Use url[:scheme] instead of protocol to determine if https is enabled 2019-02-12 00:08:52 +01:00
Haelwenn (lanodan) Monnier 6a6a5b3251
de-group alias/es 2019-02-09 16:31:17 +01:00
Ivan Tashkinov 4ad843fb9d [#468] Prototype of OAuth2 scopes support. TwitterAPI scope restrictions. 2019-02-09 17:09:08 +03:00
Haelwenn (lanodan) Monnier 60ea29dfe6
Credo fixes: alias grouping/ordering 2019-02-09 14:59:20 +01:00
Haelwenn (lanodan) Monnier 106f4e7a0f
Credo fixes: parameter consistency 2019-02-09 14:59:20 +01:00
href fa5ec765d9
Serve sw-pleroma.js properly 2019-02-01 11:34:41 +01:00
href 8018ae7ae5
Join on preloads to avoid N+1 queries 2019-01-26 15:55:53 +01:00
William Pitcock 980b5288ed update copyright years to 2019 2018-12-31 15:41:47 +00:00
William Pitcock 2791ce9a1f add license boilerplate to pleroma core 2018-12-23 20:56:42 +00:00
lain f3eb414e28 Add a way to use the admin api without a user. 2018-12-18 21:08:52 +01:00
href b1860fe85a
Instance/Static runtime plug
This allows to set-up an arbitrary directory which overrides most of the
static files: index.html static/ emoji/ packs/ sounds/ images/ instance/
favicon.png.

If the files are not present in the directory, the bundled ones in
priv/static will be used.
2018-12-17 22:50:59 +01:00
href 5dcb7aecea
More put_view. 2018-12-16 17:51:22 +01:00
Egor Kislitsyn 658edb166f
fix and improve web push; add configuration docs 2018-12-14 13:05:29 +01:00
Maksim Pechnikov 074fa790ba fix compile warnings 2018-12-09 20:50:08 +03:00
Egor Kislitsyn 4944498133 Merge branch 'develop' into feature/compat/push-subscriptions
# Conflicts:
#	lib/pleroma/application.ex
#	lib/pleroma/plugs/oauth_plug.ex
2018-12-06 20:15:16 +07:00
Egor Kislitsyn 8b4397c704 Merge branch 'develop' into feature/compat/push-subscriptions
# Conflicts:
#	lib/mix/tasks/sample_config.eex
#	lib/pleroma/web/twitter_api/controllers/util_controller.ex
#	mix.exs
#	mix.lock
2018-12-06 19:55:58 +07:00
Maksim Pechnikov c524c50509 fix/273 2018-12-05 17:32:06 +03:00
lain f18b86fd5f More fixes for Info schema. 2018-12-01 12:46:08 +01:00
lain c443c9bd72 Merge branch 'develop' of git.pleroma.social:pleroma/pleroma into validate-user-info 2018-12-01 09:55:46 +01:00
lain 1c67277c80 Fix admin api. 2018-12-01 09:03:16 +01:00
href b19597f602
reverse proxy / uploads 2018-11-30 18:00:47 +01:00
lain d0ec2812bd Merge remote-tracking branch 'origin' into validate-user-info 2018-11-30 17:34:20 +01:00
Haelwenn (lanodan) Monnier 04daa0fa44
Plugs.HTTPSecurityPlug: Activate upgrade-insecure-requests only when there is https
This fixes running mastofe with MIX_ENV=dev
2018-11-26 21:41:36 +01:00
shibayashi 591b11eafc
Add manifest-src to allow manifest.json 2018-11-26 20:48:24 +01:00
William Pitcock 3356c7d1e9 oauth plug: fix deactivated check 2018-11-20 18:47:00 +00:00
Haelwenn (lanodan) Monnier 4a79b89dba
lib/pleroma/plugs/user_is_admin_plug.ex: change 403 string to “User is not admin.” 2018-11-17 20:25:56 +01:00
Haelwenn (lanodan) Monnier c8b8f1d32c
[Pleroma.Plugs.UserIsAdminPlug]: Check if admin is true instead of false, fix error reporting 2018-11-17 20:25:53 +01:00
Haelwenn (lanodan) Monnier 7076d45cb6
lib/pleroma/plugs/user_is_admin_plug.ex: Create 2018-11-17 20:25:52 +01:00
William Pitcock c07464607d http security: remove form-action from CSP definitions 2018-11-16 17:40:21 +00:00
William Pitcock ee5932a504 http security: allow referrer-policy to be configured 2018-11-12 15:14:46 +00:00
William Pitcock fe67665e19 rename CSPPlug to HTTPSecurityPlug. 2018-11-12 15:08:02 +00:00
William Pitcock df72978dce csp plug: add support for certificate transparency 2018-11-11 06:55:44 +00:00
William Pitcock 331cf6ada1 csp plug: add sts support 2018-11-11 06:50:28 +00:00
William Pitcock f516e317ea plugs: add CSPPlug 2018-11-11 06:10:21 +00:00
href 6fe23c5458
Runtime configured router 2018-11-05 15:19:03 +01:00
Martin Kühl c2d592c9c5 Assign token to connection 2018-09-22 07:04:01 +02:00
lain 44b094908c Update legacy passwords automatically. 2018-09-05 22:30:14 +02:00
lain e601165426 Add UserEnabledPlug. 2018-09-05 21:53:53 +02:00
lain 5ce1ebb179 Add SetUserSessionIdPlug. 2018-09-05 21:42:42 +02:00
lain 12bc73dd28 Add EnsureUserKeyPlug, smaller fixes 2018-09-05 19:06:28 +02:00
lain 32465b9939 Simplify AuthenticationPlug 2018-09-05 18:53:38 +02:00
lain 9a96c93be7 Add SessionAuthenticationPlug. 2018-09-05 18:37:02 +02:00
lain a3f54fca4d Add LegacyAuthenticationPlug 2018-09-05 18:17:33 +02:00
lain 3cf17dc402 Add EnsureAuthenticatedPlug 2018-09-05 17:59:19 +02:00